4.1 Example Involving System Audit Subcategory Settings
In the following example, an administrator specifies that the designated audit settings be applied for computers to which a certain GPO applies:
Exclude audit attempts for IPsec Driver.
Audit successful attempts for System Integrity.
Audit successful and failed attempts for IPsec Extended Mode.
Leave the File System policy unchanged.
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value TEST-MACHINE,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,,0 TEST-MACHINE,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success,,1 TEST-MACHINE,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},Success and Failure,,3 TEST-MACHINE,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},Not specified,,0